Bruce Perens co-founded the Open Source Initiative with Eric Raymond -- and he's also Slashdot reader #3,872. Bruce Perens writes: There's been a lot of confusion about the recent Artifex v. Hancomcase, in which the court found that the GPL was an enforceable contract. I'm going to try to explain the whole thing in clear terms for the legal layman.
Two key quotes:

• "What has changed now is that for the purposes of the court, the GPL is both a license, which can be enforced through a claim of copyright infringement, and a contract, which can be enforced through a claim of breach of contract. You can allege both in your court claim in a single case, and fall back on one if you can't prove the other. Thus, the potential to enforce the GPL in court is somewhat stronger than before this finding, and you have a case to cite rather than spending time in court arguing whether the GPL is a contract or not..."
• "Another interesting point in the case is that the court found Artifex's claim of damages to be admissible because of their use of dual-licensing. An economic structure for remuneration of the developer by users who did not wish to comply with the GPL terms, and thus acquired a commercial license, was clearly present."

An anonymous reader shares a report: Playground CEO Andy Rubin, whose new company Essential unveiled a new premium Android smartphone and Amazon Echo competitor yesterday, says his company's Ambient OS smart home platform will be open source. That means that Rubin, who rose to fame in the tech industry for co-founding Android, essentially wants to apply the same open source philosophy that made Android the most dominant mobile operating system to the smart home. [...] Rubin did agree that Android's upgrade rate was much lower, but said that his new venture's Ambient OS had "a solution for that." He stopped short of describing what that solution was, however, noting only that it was "more of a managed service on the back-end."

An anonymous reader writes: Open source guru Eric S. Raymond added something special to his GitHub page: an open source version of the world's first text adventure. "Colossal Cave Adventure" was first written in 1977, and Raymond remembers it as "the origin of many things; the text adventure game, the dungeon-crawling D&D (computer) game, the MOO, the roguelike genre. Computer gaming as we know it would not exist without ADVENT (as it was known in its original PDP-10 incarnation...because PDP-10 filenames were limited to six characters of uppercase)...

"Though there's a C port of the original 1977 game in the BSD game package, and the original FORTRAN sources could be found if you knew where to dig, Crowther & Woods's final version -- Adventure 2.5 from 1995 -- has never been packaged for modern systems and distributed under an open-source license. Until now, that is. With the approval of its authors, I bring you Open Adventure."
Calling it one of the great artifacts of hacker history, ESR writes about "what it means to be respectful of an important historical artifact when it happens to be software," ultimately concluding version control lets you preserve the original and continue improving it "as a living and functional artifact. We respect our history and the hackers of the past best by carrying on their work and their playfulness."

"Despite all the energy Crowther and Woods had to spend fighting ancient constraints, ADVENT was a tremendous imaginative leap; there had been nothing like it before, and no text adventure that followed it would be innovative to quite the same degree."

An anonymous reader quotes DistroWatch: Natanael Copa has announced the release of Alpine Linux 3.6.0. Alpine Linux is an independent, minimal operating system that is well suited to running servers, routers and firewalls. Version 3.6.0 introduces support for 64-bit POWER machines, 64-bit IBM z Systems computers and features many up to date packages, including PHP 7.1, LLVM 4.0 and version 6.3 of the GNU Compiler.
"Noteworthy new packages" include Rust 1.17.0 and Cargo 0.18.0, as well as Julia 0.5.2, as we ll as "significant updates" like Go 1.8, Python 3.6, and Ruby 2.4. And in addition, "MD5 and SHA-1 hashes have been removed from APKBUILDs, being obsoleted by SHA-512."

Long-time Slashdot reader williamyf was the first to share news of "a wormable bug [that] has remained undetected for seven years in Samba verions 3.5.0 onwards." Ars Technica reports: Researchers with security firm Rapid7...said they detected 110,000 devices exposed on the internet that appeared to run vulnerable versions of Samba. 92,500 of them appeared to run unsupported versions of Samba for which no patch was available... Those who are unable to patch immediately can work around the vulnerability by adding the line nt pipe support = no to their Samba configuration file and restart the network's SMB daemon. The change will prevent clients from fully accessing some network computers and may disable some expected functions for connected Windows machines.
The U.S. Department of Homeland Security's CERT group issued an anouncement urging sys-admins to update their systems, though SC Magazine cites a security researcher arguing this attack surface is much smaller than that of the Wannacry ransomware, partly because Samba is just "not as common as Windows architectures." But the original submission also points out that while the patch came in fast, "the 'Many eyes' took seven years to 'make the bug shallow'."

An anonymous reader writes: "Following years of criticism and user requests, the FileZilla FTP client is finally adding support for a master password that will act as a key for storing FTP login credentials in an encrypted format," reports BleepingComputer. "This feature is scheduled to arrive in FileZilla 3.26.0, but you can use it now if you download the 3.26.0 (unstable) release candidate from here." By encrypting its saved FTP logins, FileZilla will finally thwart malware that scrapes the sitemanager.xml file and steals FTP credentials, which were previously stolen in plain text. The move is extremely surprising, at least for the FileZilla user base. Users have been requesting this feature for a decade, since 2007, and they have asked it many and many times since then. All their requests have fallen on deaf ears and met with refusal from FileZilla maintainer, Tim Kosse. In November 2016, a user frustrated with Koose's stance forked the FileZilla FTP client and added support for a master password via a spin-off app called FileZilla Secure.

prisoninmate quotes Softpedia: As it's not an LTS (Long Term Support) branch, the Linux 4.10 kernel series was doomed to reach end of life sooner or later, and it happened this weekend with the release of the Linux kernel 4.10.17 patch, which is a major one changing a total of 103 files, with 981 insertions and 538 deletions. Therefore, users are now urged to move to the Linux 4.11 kernel series. If you're using a GNU/Linux distribution powered by a kernel from the Linux 4.10 series you need to update to version 4.10.17 as soon as it makes its way into the stable repositories. However, please inform your OS vendor that they need to upgrade the kernel packages to the Linux 4.11 series immediately.

He's been the White House technology advisor since 2015, and this month Alvand Salehi delivered a keynote address at OSCON about the U.S. government's commitment to open source software. An anonymous reader quotes OpenSource.com: The Federal Source Code Policy, released in August 2016, was the first U.S. government policy to support open source across the government... All new custom source code developed by or for the federal government must be available to all other federal agencies for sharing and reuse; and at least 20% of new government custom-developed code must be released to the public as open source. It also established Code.gov as a platform for access to government-developed open source code and a way for other developers to participate.

Before this policy was released, agencies were spending a lot of money to redevelop software already in use by other government agencies. This initiative is expected to save the government millions of dollars in wasteful and duplicative spending on software development. Because of this, Salehi said, open source is not a partisan issue, and "Code.gov is here to stay." Another benefit: Releasing open source code allows the government to benefit from the brainpower of developers across the country to improve their code.
Code.gov points potential contributors to their code repository on GitHub.

An anonymous reader writes: Steam and Slack are now both included as Flatpak applications on the Endless OS, a free Linux distribution built upon the decades of evolution of the Linux operating system and the contributions of thousands of volunteers on the GNOME project. The beauty of Flatpak is the ability to bridge app creators and Linux distributions using a universal framework, making it possible to bring this kind of software to operating systems that encourage open collaboration...

As an open-source deployment mechanism, Flatpak was developed by an independent cohort made up of volunteers and contributors from supporting organizations in the open-source community. Alexander Larsson, lead developer of Flatpak and principal engineer at Red Hat, provided comment saying, "We're particularly excited about the opportunity Endless affords to advance the benefits of open-source environments to entirely new audiences."

Long-time Slashdot reader paulproteus writes: OpenHatch was a non-profit that organized free tutorials with college computer science groups to learn how to teach how to get involved in open source, covered previously on Slashdot. It has run more than 50 events so far. On Friday, it announced it is closing its doors due to board members moving on to other projects, leaving open the door for other people to organize future Open Source Comes to Campus events.
If you have any stories to share about Open Hatch -- or other campus outreach groups -- feel free to leave them in the comments. Are any Slashdot readers involved with Open Source outreach efforts?

An anonymous reader quotes InfoWorld: CockroachDB, an open source, fault-tolerant SQL database with horizontal scaling and strong consistency across nodes -- and a name few people will likely forget -- is now officially available. Cockroach Labs, the company behind its development, touts CockroachDB as a "cloud native" database solution -- a system engineered to run as a distributed resource. Version 1.0 is available in both basic and for-pay editions, and both boast features that will appeal to enterprises.

The company is rolling the dice with its handling of the enterprise edition by also making those components open source and trusting that enterprises will pay for what they use in production.

Orome1 writes: In the last five months, Google's OSS-Fuzz program has unearthed over 1,000 bugs in 47 open source software projects... So far, OSS-Fuzz has found a total of 264 potential security vulnerabilities: 7 in Wireshark, 33 in LibreOffice, 8 in SQLite 3, 17 in FFmpeg -- and the list goes on...
Google launched the program in December and wants more open source projects to participate, so they're offering cash rewards for including "fuzz" targets for testing in their software. "Eligible projects will receive $1,000 for initial integration, and up to $20,000 for ideal integration" -- or twice that amount, if the proceeds are donated to a charity.

Slashdot reader destinyland writes: The District Court for the Northern District of California recently issued an opinion that is being hailed as a victory for open source software. In this case, the court denied a motion to dismiss a lawsuit alleging violation of an open source software license, paving the way for further action enforcing the conditions of the GNU General Public License... As part of its motion to dismiss, Hancom argued that using open source code offered under open source licensing terms does not form a contract... The District Court ruled that Artifex's breach of contract claim could proceed, finding that the GPL, by its express terms, requires that third parties agree to the GPL's obligations if they distribute the open-source-licensed software [and] concluded that royalty-free licensing under open source conditions does not preclude a claim for damages...

In denying a motion to dismiss, the District Court only holds that the claims may proceed on the theories enunciated by Artifex, not necessarily that they will ultimately succeed. Still, the case represents a significant step forward for open source plaintiffs... In the past decade, while enforcement of open source licensing violations has become more common, few enforcement cases result in published law. The open source community will be watching this case carefully, and this initial decision vindicates the rights of the open source authors to enforce GPL terms on both breach of contract and copyright theories.

prisoninmate quotes Softpedia: The Debian Project announced today Debian GNU/Linux 8.8, the most advanced stable version of the Jessie series, which brings corrections for numerous packages and various security flaws discovered and patched since the release of the Debian GNU/Linux 8.7 maintenance update back in mid-January 2017... "This update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems. Security advisories were already published separately and are referenced where available," reads today's announcement.

"Please note that this update does not constitute a new version of Debian 8 but only updates some of the packages included. There is no need to throw away old 'jessie' CDs or DVDs but only to update via an up-to-date Debian mirror after an installation, to cause any out of date packages to be updated."
Debian 8.8 contains more than 150 bug fixes and security updates.

angry tapir shared this news from Computerworld: An open-source chip project is out to break the dominance of proprietary chips offered by Intel, AMD, and ARM... A startup called SiFive is the first to make a business out of the [open source] RISC-V architecture. The company is also the first to convert the RISC-V instruction set architecture into actual silicon. The company on Thursday announced it has created two new chip designs that can be licensed... but the company will not charge royalties. That makes it attractive alternative compared to chip designs from ARM and Imagination Technologies, which charge licensing fees and royalties.
One of RISC-V's inventors co-founded the company, and he says that support is growing -- pointing out that there's already a fork of Linux for RISC-V.

An anonymous reader quotes Fedora Magazine: Both MP3 encoding and decoding will soon be officially supported in Fedora. Last November the patents covering MP3 decoding expired and Fedora Workstation enabled MP3 decoding via the mpg123 library and GStreamer... The MP3 codec and Open Source have had a troubled relationship over the past decade, especially within the United States. Historically, due to licensing issues Fedora has been unable to include MP3 decoding or encoding within the base distribution... A couple of weeks ago IIS Fraunhofer and Technicolor terminated their licensing program and just a few days ago Red Hat Legal provided the permission to ship MP3 encoding in Fedora.

An anonymous reader quotes The Register: Devuan Linux has released its second release candidate... A 1.0.0 release candidate emerged just under a fortnight ago and today the developers announced Devuan Jessie 1.0.0 RC2. New in this cut of the code is a systemd-free version of network-manager, new versions of reportbug, desktop-base and xfce4-panel. GNOME, KDE, and Cinnamon have been removed from tasksel, but can still be installed although they "are known to suffer from some glitches due to the lack of systemd."
The Devuan web site says this series of release candidates "marks an important milestone towards the sustainability and the continuation of Devuan as a universal base distribution." And their announcement describes Devuan as "the Debian that was and could have been. Our goal is to provide a viable and sustainable alternative...a new path, nurtured with your help and support."

BrianFagioli writes: Google has decided to take artificial intelligence to the maker community with a new initiative called AIY. This initiative will introduce open source AI projects to the public that makers can leverage in a simple way. Today, Google announces the first-ever AIY project. Called "Voice Kit," it is designed to work with a Raspberry Pi 3 Model B to create a voice-based virtual assistant. Billy Rutledge, Director of AIY Projects for Google, explains, "The first open source reference project is the Voice Kit: instructions to build a Voice User Interface (VUI) that can use cloud services (like the new Google Assistant SDK or Cloud Speech API) or run completely on-device. This project extends the functionality of the most popular single board computer used for digital making -- the Raspberry Pi. The included Voice Hardware Accessory on Top (HAT) contains hardware for audio capture and playback: easy-to-use connectors for the dual mic daughter board and speaker, GPIO pins to connect low-voltage components like micro-servos and sensors, and an optional barrel connector for dedicated power supply. It was designed and tested with the Raspberry Pi 3 Model B."

prisoninmate quotes Softpedia: Linux kernel 4.11 has been in development for the past two months, since very early March, when the first Release Candidate arrived for public testing. Eight RCs later, we're now able to download and compile the final release of Linux 4.11 on our favorite GNU/Linux distributions and enjoy its new features. Prominent ones include scalable swapping for SSDs, a brand new perf ftrace tool, support for OPAL drives, support for the SMC-R (Shared Memory Communications-RDMA) protocol, journalling support for MD RAID5, all new statx() system call to replace stat(2), and persistent scrollback buffers for VGA consoles... The Linux 4.11 kernel also introduces initial support for Intel Gemini Lake chips, which is an Atom-based, low-cost computer processor family developed using Intel's 14-nanometer technology, and better power management for AMD Radeon GPUs when the AMDGPU open-source graphics driver is used.

Many Slashdot readers know Bryan Lunduke as the creator of the humorous "Linux Sucks" presentations at the annual Southern California Linux Exposition. He's now also a member of the OpenSUSE project board and an all-around open source guy. (In September, he released every one of his books, videos and comics under a Creative Commons license, while his Patreon page offers a tip jar and premiums for monthly patrons). But now he's also got a new "daily computing/nerd show" on YouTube, and last week -- using nothing but free software -- he interviewed the 64-year-old founder of the Free Software Foundation, Richard Stallman. "We talk about everything from the W3C's stance on DRM to opinions on the movie Galaxy Quest," Lunduke explains in the show's notes.

Click through to read some of the highlights.